Audacity Desktop App Privacy Notice <p>
<em>Last updated: 2 July 2021</em>
</p>
<ol>
<li>
<strong>About this Notice</strong>
<ol>
<li>This Privacy Notice (“<strong>Notice</strong>“) explains how we (as defined below) collect and use any information that, alone or in combination with other information, relates to you (“<strong>Personal Data</strong>“) when you (“<strong>you</strong>” and “<strong>your</strong>“) use our desktop app Audacity (the “<strong>App</strong>“).
We collect very limited Personal Data about you.</li>
<li>This Notice also sets out the rights that you have in relation to the Personal Data that we process about you and how you can exercise them.</li>
<li>Audacity treats compliance with its privacy obligations seriously.
This is why we have developed this Notice, which describes the standards that Audacity applies to protect Personal Data.</li>
<li>For the purposes of this Notice, WSM Group with registered office at Moskovsky pr-t,40-1301, Kaliningrad, Russia, 236004 (“<strong>Audacity</strong>“, “<strong>us</strong>“, “<strong>we</strong>“, or “<strong>our</strong>“) acts as the data controller for the Personal Data that is collected via the App and through the App.
As a data controller, Audacity is responsible for ensuring that the processing of Personal Data complies with applicable data protection law, and specifically with the General Data Protection Regulation.</li>
<li>Please take the time to read this Notice carefully.
If you have any questions or comments, please contact us via privacy@AudacityTeam.org.</li>
</ol>
</li>
<li>
<strong>What Personal Data does Audacity collect and why?</strong>
<ol>
<li>The very limited types of Personal Data that we may collect about you, and the reasons why we process it, are as follows.
As a general comment our App does not require you to create an account or profiles and we do not ask you to provide us with your name, contact details or any other direct identifiers.</li>
</ol>
</li>
</ol> Why we collect itPersonal Data we collectLegal grounds for processing• App analytics<br>• Improving our App• OS version<br>• User country based on IP address<br>• OS name and version<br>• CPU<br>• Non-fatal error codes and messages (i.e.
project failed to open)<br>• Crash reports in Breakpad MiniDump format• Legitimate interest of WSM Group to offer and ensure the proper functioning of the App• For legal enforcement• Data necessary for law enforcement, litigation and authorities’ requests (if any)• Legitimate interest of WSM Group to defend its legal rights and interests <ol>
<li>
<strong>Minors</strong>
<ol>
<li>The App we provide is not intended for individuals below the age of 13.
If you are under 13 years old, please do not use the App.</li>
</ol>
</li>
<li>
<strong>Who does Audacity share your Personal Data with?</strong>
<ol>
<li>We may disclose the Personal Data listed above (your hashed IP address) to the following categories of recipients:<ol>
<li>to our <strong>staff members</strong>.
We take precautions to allow access to Personal Data only to those staff members who have a legitimate business need for access and with a <strong>contractual prohibition</strong> of using the Personal Data for any other purpose.</li>
<li>to <strong>any competent law enforcement body, regulatory, government agency, court or other third party</strong> where we believe disclosure is necessary (i) as a matter of applicable law or regulation, or (ii) to exercise, establish or defend our legal rights;</li>
<li>to <strong>our auditors, advisors, legal representatives and similar agents</strong> in connection with the advisory services they provide to us for legitimate business purposes and under contractual prohibition of using the Personal Data for any other purpose.</li>
<li>to <strong>a potential buyer</strong> (and its agents and advisers) in connection with any proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your Personal Data only for the purposes disclosed in this Notice;</li>
<li>to any other person if you have provided your prior consent to the disclosure.</li>
</ol>
</li>
</ol>
</li>
<li>
<strong>How we protect your privacy</strong>
<ol>
<li>We will process Personal Data in accordance with this Notice, as follows:<ol>
<li>
<strong>Fairness</strong>: We will process Personal Data fairly.
This means that we are transparent about how we process Personal Data and that we will process it in accordance with applicable law.</li>
<li>
<strong>Lawfulness</strong>: We will process Personal Data only on lawful grounds.</li>
<li>
<strong>Purpose limitation</strong>: We will process Personal Data for specified and legitimate purposes, and will not process it in a manner that is incompatible with those purposes, unless permitted by applicable data protection laws.</li>
<li>
<strong>Data minimization</strong>: We will process Personal Data that is adequate, relevant and limited to what is necessary to achieve the purposes for which the data are processed.</li>
<li>
<strong>Data accuracy</strong>: We take appropriate measures to ensure that the Personal Data that we hold about you is accurate, complete and, where necessary, kept up to date.
However, it is also your responsibility to ensure that your Personal Data is kept as accurate, complete and current as possible by informing us promptly of any changes or errors.
You should notify us of any changes to the Personal Data that we hold about you.</li>
<li>
<strong>Data security: </strong>We use appropriate technical and organisational measures to protect the Personal Data that we collect and process about you.
The measures we use are designed to provide a level of security appropriate to the risk of processing your Personal Data.
Specific measures we use include to-date secure network architectures that contain firewalls and intrusion detection devices and backups.</li>
</ol>
</li>
</ol>
</li>
<li>
<strong>Data storage, retention and deletion</strong>
<ol>
<li>The IP address will be stored in an identifiable way only for a calendar day.
IP addresses are stored as a hash, the salt for which is changed daily.
The salt is not stored on any database and cannot be retrieved after it has been changed.
<strong>We store the hash for one year, after which, it is deleted.
</strong>Other information we collect, such as OS version or CPU information is not identifiable.</li>
<li>We may also store your Personal Data for the purpose of exercising, establishing or defending our legal rights in accordance with applicable laws.</li>
</ol>
</li>
<li>
<strong>Data storage and transfers of data</strong>
<ol>
<li>All your personal data is stored on our servers in the European Economic Area (EEA).
However, we are occasionally required to share your personal data with our main office in Russia and our external counsel in the USA.</li>
<li>We have put in place appropriate safeguards (which includes the European Commission’s Standard Contractual Clauses) to ensure that whenever your Personal Data is transferred outside the EEA to countries that are not deemed adequate by the European Commission, your Personal Data receives an adequate level of protection in accordance with the GDPR.</li>
</ol>
</li>
<li>
<strong>Your data protection rights</strong>
<ol>
<li>You have the following data protection rights:<ol>
<li>If you wish to <strong>access, correct, update or request deletion</strong> of your Personal Data, you can do so at any time by contacting via privacy@AudacityTeam.org.</li>
<li>In addition, in certain circumstances, as stipulated in the applicable data protection legislation, you can <strong>object to processing</strong> of your Personal Data, ask us to <strong>restrict processing</strong> of your Personal Data or <strong>request portability</strong> of your Personal Data.
Again, you can exercise these rights by contacting us using the following contact details: privacy@AudacityTeam.org.</li>
<li>If you have a complaint or concern about how we are processing your Personal Data then we will endeavour to address such concern(s).
If you feel we have not sufficiently addressed your complaint or concern, you have the <strong>right to complain to a data protection authority</strong> about our collection and use of your Personal Data.
For more information, please contact your local data protection authority.
(Contact details for data protection authorities in the European Economic Area, Switzerland and certain non-European countries (including the US and Canada) are available <u>here</u>.)</li>
</ol>
</li>
<li>We respond to all requests we receive at via privacy@AudacityTeam.org from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.</li>
</ol>
</li>
<li>
<strong>Linking to other websites</strong>
<ol>
<li>The App may contain hyperlinks to websites owned and operated by third parties.
These websites have their own privacy policies and we urge you to review them.
They will govern the use of Personal Data you submit whilst visiting these websites.</li>
<li>We do not accept any responsibility or liability for the privacy practices of such third party websites and your use of such websites is at your own risk.</li>
</ol>
</li>
<li>
<strong>Updates to this Notice</strong>
<ol>
<li>We may update this Notice from time to time in response to changing legal, technical or business developments.
When we update our Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make.
We will obtain your consent to any material Notice changes if and where this is required by applicable data protection laws.</li>
<li>You can see when this Notice was last updated by checking the “last updated” date displayed at the top of this Notice.</li>
</ol>
</li>
<li>
<strong>How to contact us</strong>
<ol>
<li>If you have any questions or comments, or if you wish to exercise your data protection rights, please contact us via privacy@AudacityTeam.org.</li>
</ol>
</li>
<li>
<strong>Additional Information for California Consumers</strong>
<ol>
<li>The California Consumer Privacy Act (“<strong>CCPA</strong>”) provides California residents, referred to in the law as “consumers,” with rights to receive certain disclosures regarding the collection, use, and sharing of personal information, as well as rights to access and control personal information.
Certain information that we collect may be exempt from the CCPA because it is considered public information (because it is made available by a government entity) or covered by another federal privacy law, such as the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act, or the Fair Credit Reporting Act.</li>
<li>To the extent that we collect personal information about you that is subject to the CCPA, that information, our practices, and your rights are described below.</li>
<li>
<strong>Right to information regarding the categories of personal information collected, sold, and disclosed: </strong>You have the right to obtain information regarding the categories of personal information we collect, sell, or disclose.
That information is provided in this Privacy Policy.
We collect the categories of information described above.
The categories that we use to describe the information are those enumerated in the CCPA.</li>
<li>We do not sell personal information.</li>
</ol>
</li>
</ol>